Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4345)

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.

Remediation

References

Related Vulnerabilities

Opencart Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2023-40834)

Drupal Improper Authentication Vulnerability (CVE-2019-10911)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker SQL Injection (9.0.1)

Undertow Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-3859)

MySQL CVE-2022-21289 Vulnerability (CVE-2022-21289)

Severity

Low

Classification

CVE-2012-4345 CWE-707

Tags

Missing Update Known Vulnerabilities